5 Year Old Discovers Xbox One Security Flaw

A 5-year-old boy has been rewarded by Microsoft after discovering a way to bypass the Xbox One’s security and logged in to his father’s account without the correct password.

As reported on the BBC, San Diego child Kristoffer Von Hassel attempted to log in to his father’s Xbox Live account with an incorrect password. Users are taken to a second verification screen after entering a wrong password, and Kristoffer found that filling up the password field with spaces on the second screen grants access to the account.

Kristoffer’s father, Robert, who works in computer security reported the issue to Microsoft and the company has rewarded Kristoffer by giving him four free games, $50, a 12-month subscription to Xbox Live and also added him to its list of recognized security researchers.

When asked what he thought would happen after his father reported the flaw to Microsoft, Kristoffer told local news station KGTV: “I thought someone was going to steal the Xbox.”

“We’re always listening to our customers and thank them for bringing issues to our attention,” Microsoft said in a statement. “We take security seriously at Xbox and fixed the issue as soon as we learned about it.”